TRANSITION (SOURCE => DEST)    HANDLER ACTION

00 => 00    NO TRANSITION EXCEPTION

00 => 01    VECT_xxx_X86_CC EXCEPTION - HANDLER CONVERTS FROM NATIVE TO x86 CONVENTIONS

00 => 1x    VECT_xxx_X86_CC EXCEPTION - HANDLER CONVERTS FROM NATIVE TO x86 CONVENTIONS,
            SETS UP EXPECTED EMULATOR AND PROFILING STATE

01 => 00    VECT_xxx_TAP_CC EXCEPTION - HANDLER CONVERTS FROM x86 TO NATIVE CONVENTIONS

01 => 01    NO TRANSITION EXCEPTION

01 => 1x    VECT_X86_ISA EXCEPTION [CONDITIONAL BASED ON PCW.X86_ISA ENABLE FLAG]
            - SETS UP EXPECTED EMULATOR AND PROFILING STATE

1x => 00    VECT_xxx_TAP_CC EXCEPTION - HANDLER CONVERTS FROM x86 TO NATIVE CONVENTIONS
            VECT_TAP_ISA EXCEPTION [CONDITIONAL BASED ON PCW.TAP_ISA ENABLE FLAG]
NAME                     DESCRIPTION                                              TYPE

VECT_call_X86_CC         PUSH ARGS, RETURN ADDRESS, SET UP x86 STATE              FAULT ON TARGET INSTRUCTION
VECT_jump_X86_CC         SET UP x86 STATE                                         FAULT ON TARGET INSTRUCTION
VECT_ret_no_fp_X86_CC    RETURN VALUE TO EAX:EDX, SET UP x86 STATE                FAULT ON TARGET INSTRUCTION
VECT_ret_fp_X86_CC       RETURN VALUE TO x86 FP STACK, SET UP x86 STATE           FAULT ON TARGET INSTRUCTION
VECT_call_TAP_CC         x86 STACK ARGS, RETURN ADDRESS TO REGISTERS              FAULT ON TARGET INSTRUCTION
VECT_jump_TAP_CC         x86 STACK ARGS TO REGISTERS                              FAULT ON TARGET INSTRUCTION
VECT_ret_no_fp_TAP_CC    RETURN VALUE TO RV0                                      FAULT ON TARGET INSTRUCTION
VECT_ret_any_TAP_CC      RETURN TYPE UNKNOWN, SET UP RV0 AND RVDP                 FAULT ON TARGET INSTRUCTION
[Flowchart fragment (figure residue): ... SLOT; EIP<1:0> = 10]

X86-TO-TAPESTRY TRANSITION:
    CASE CALL "00":            MOVE PARAMETERS FROM MEMORY STACK TO REGISTERS; XD <- 0
    CASE "10" OR "11" RETURN:  MOVE FUNCTION RETURN VALUE FROM X86 HOME TO TAPESTRY HOME
    CASE RESUME FROM EXCEPTION: RESTORE TAPESTRY CONTEXT FROM SAVE SLOT
[FIG. 3D: table of ISA transitions, indexed by the caller's and the callee's ISA, within the FLAT 32-BIT "NEAR" ADDRESS SPACE. Recoverable cells:]

    x86-RISC TRANSITION:  MAP x86 CALL TO RISC      322 (FIG. 3H)
    RISC-x86 TRANSITION:  MAP x86 RETURN TO RISC    342 (FIG. 3I)
    RISC-x86 TRANSITION:  MAP RISC CALL TO x86      340, 343-348 (FIG. 3I)
    x86-RISC TRANSITION:  MAP RISC RETURN TO x86    329, 332 (FIG. 3H)
    NO ISA TRANSITION:    NO MAPPING REQUIRED

FIG. 3D
[Flowchart: entry sequence of a function callable under either calling convention]

x86 PREAMBLE (319, NEED NOT BE INLINE):
    - LOAD REGISTER ARGS
    - FILL-IN RXA (RETURN TRANSFER ARGUMENT AREA)

GENERAL_ENTRY:
    XD == 0?   YES -> x86 PREAMBLE
               NO  -> NATIVE_ENTRY

NATIVE_ENTRY:
    NATIVE PREAMBLE (TYPICALLY VACUOUS):
    - VARARGS
    - AP FOR A VERY BIG ARGUMENT LIST
    (OMIT IF NATIVE ONLY)

FUNCTION BODY (317, 318)

SETUP_XD:
    XD <- <DESCRIPTOR_CONSTANT>
    RET
X86-to-Tapestry transition exception handler (320):

// This handler is entered under the following conditions:
// 1. An x86 caller invokes a native function
// 2. An x86 function returns to a native caller
// 3. x86 software returns to or resumes an interrupted native function following
//    an external asynchronous interrupt, a processor exception, or a context switch

dispatch on the two least-significant bits of the destination address {                  (321)

    case "00":  // calling a native subprogram                                           (322)
        // copy linkage and stack frame information and call parameters from the memory
        // stack to the analogous Tapestry registers
        LR <- [SP++]        // set up linkage register                                  (325)
        AP <- SP            // address of first argument
        SP <- SP - 8        // allocate return transfer argument area                   (327)
        SP <- SP & (-32)    // round the stack pointer down to a 0 mod 32 boundary
        XD <- 0             // inform callee that caller uses X86 calling conventions   (328)

    case "01":  // resuming an X86 thread suspended during execution of a native routine (370)
        if the redundant copies of the save slot number in EAX and EDX do not match or if
           the redundant copies of the timestamp in EBX:ECX and ESI:EDI do not match {   (371)
            // some form of bug or thread corruption has been detected
            goto TAPESTRY_CRASH_SYSTEM( thread-corruption-error-code )                  (372)
        }
        save the EBX:ECX timestamp in a 64-bit exception handler temporary register     (373)
            (this will not be overwritten during restoration of the full native context)
        use save slot number in EAX to locate actual save slot storage                  (374)
        restore full entire native context (includes new values for all x86 registers)  (375)
        if save slot's timestamp does not match the saved timestamp {                   (376)
            // save slot has been reallocated; save slot exhaustion has been detected
            goto TAPESTRY_CRASH_SYSTEM( save-slot-overwritten-error-code )              (377)
        }
        free the save slot                                                              (378)

    case "10":  // returning from X86 callee to native caller, result already in registers
        RV0<63:32> <- edx<31:00>   // in case result is 64 bits                         (333)
        convert the FP top-of-stack value from 80-bit X86 form to 64-bit form in RVDP   (334)
        SP <- ESI                  // restore SP from time of call                       (337)

    case "11":  // returning from X86 callee to native caller, load large result from memory (329)
        RV0..RV3 <- load 32 bytes from [ESI-32]   // (guaranteed naturally aligned)
        SP <- ESI                  // restore SP from time of call                       (337)
}
EPC <- EPC & -4    // reset the two low-order bits to zero                              (336)
RFE                                                                                      (338)
Tapestry-to-X86 transition exception handler (340):

// This handler is entered under the following conditions:
// 1. a native caller invokes an x86 function
// 2. a native function returns to an x86 caller

switch on XD<3:0> {

    XD_RET_FP:            // result type is floating point
        F0/F1 <- FINFLATE.de( RVDP )        // X86 FP results are 80 bits
        SP <- from RXA save                 // discard RXA, pad, args
        FPCW <- image after FINIT & push    // FP stack has 1 entry
        goto EXIT

    XD_RET_WRITEBACK:     // store result to @RVA, leave RVA in eax
        RVA <- from RXA save                // address of result area
        copy decode(XD<8:4>) bytes from RV0..RV3 to [RVA]                       (342)
        eax <- RVA                          // X86 expects RVA in eax
        SP <- from RXA save                 // discard RXA, pad, args
        FPCW <- image after FINIT           // FP stack is empty
        goto EXIT

    XD_RET_SCALAR:        // result in eax:edx
        edx<31:00> <- eax<63:32>            // in case result is 64 bits
        SP <- from RXA save                 // discard RXA, pad, args
        FPCW <- image after FINIT           // FP stack is empty
        goto EXIT

    XD_CALL_HIDDEN_TEMP:  // allocate 32 byte aligned hidden temp               (343)
        esi <- SP                           // stack cut back on return
        SP <- SP - 32                       // allocate max size temp            (344)
        RVA <- SP                           // RVA consumed later by RR
        LR<1:0> <- "11"                     // flag address for return & reload  (345)
        goto CALL_COMMON

    default:              // remaining XD_CALL_xxx encodings
        esi <- SP                           // stack cut back on return
        LR<1:0> <- "10"                     // flag address for return           (346)

    CALL_COMMON:                                                                 (347)
        interpret XD to push and/or reposition args
        [-SP] <- LR                         // push LR as return address

    EXIT:                                                                        (348)
        setup emulator context and profiling ring buffer pointer
        RFE                                 // to original target                (349)
}

FIG. 3I



interrupt/exception handler of Tapestry operating system (350):

// Control vectors here when a synchronous exception or asynchronous interrupt is to be
// exported to / manifested in an x86 machine.
// The interrupt is directed to something within the virtual X86, and thus there is a possibility
// that the X86 operating system will context switch. So we need to distinguish two cases:
// either the running process has only X86 state that is relevant to save, or
// there is extended state that must be saved and associated with the current machine context
// (e.g., extended state in a Tapestry library call on behalf of a process managed by X86 OS)

if execution was interrupted in the converter - EPC.ISA == X86 {                         (351)
    // no dependence on extended/native state possible, hence no need to save any
    goto EM86_Deliver_Interrupt( interrupt-byte )
} else if EPC.Taxi_Active {                                                              (353)
    // A Taxi translated version of some X86 code was running. Taxi will rollback to an
    // x86 instruction boundary. Then, if the rollback was induced by an asynchronous external
    // interrupt, Taxi will deliver the appropriate x86 interrupt. Else, the rollback was induced
    // by a synchronous event so Taxi will resume execution in the converter, retriggering the
    // exception but this time with EPC.ISA == X86
    goto TAXi_Rollback( asynchronous-flag, interrupt-byte )
} else if EPC.EM86 {                                                                     (354)
    // The emulator has been interrupted. The emulator is coded to allow for such
    // conditions and permits re-entry during long running routines (e.g. far call through a gate)
    // to deliver external interrupts
    goto EM86_Deliver_Interrupt( interrupt-byte )
} else {                                                                                 (360)
    // This is the most difficult case - the machine was executing native Tapestry code on
    // behalf of an X86 thread. The X86 operating system may context switch. We must save
    // all native state and be able to locate it again when the x86 thread is resumed.
    allocate a free save slot; if unavailable free the save slot with oldest timestamp and try again  (361)
    save the entire native state (both the X86 and the extended state)                   (362)
    save the X86 EIP in the save slot                                                    (363)
    overwrite the two low-order bits of EPC with "01" (will become X86 interrupt EIP)
    store the 64-bit timestamp in the save slot, in the X86 EBX:ECX register pair (and,
        for further security, store a redundant copy in the X86 ESI:EDI register pair)   (364)
    store the number of the allocated save slot in the X86 EAX register (and, again for
        further security, store a redundant copy in the X86 EDX register)                (365)
    goto EM86_Deliver_Interrupt( interrupt-byte )                                        (369)
}
typedef struct {                                                                         (355)
    save_slot_t*     newer;              // pointer to next-most-recently-allocated save slot
    save_slot_t*     older;              // pointer to next-older save slot
    unsigned int64   epc;                // saved exception PC/IP
    unsigned int64   pcw;                // saved exception PCW (program control word)
    unsigned int64   registers[63];      // save the 63 writeable general registers      (356)
                                         // other words of Tapestry context
    timestamp_t      timestamp;          // timestamp to detect buffer overrun          (357)
    int              save_slot_ID;       // ID number of the save slot                  (358)
    boolean          save_slot_is_full;  // full / empty flag                           (359)
} save_slot_t;

save_slot_t*     save_slot_head;         // pointer to the head of the queue             (379a)
save_slot_t*     save_slot_tail;         // pointer to the tail of the queue             (379b)

system initialization:                                                                   (379c)
    reserve several pages of unpaged memory for save slots
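The save-slot protocol spelled out in the two handlers above (suspend in the OS handler at 360-369, verification and resume in case "01" of the X86-to-Tapestry handler at 370-378) relies on two integrity checks: redundant copies of the slot number and timestamp in the x86 register image catch corruption of that image, and the timestamp stored in the slot catches the case where the slot was reclaimed because the pool ran dry. The following C model is an added example, not code from the patent or from the Tapestry system; the pool size, the type and function names, and the bounds check on the slot number are this model's assumptions, and the model verifies the timestamp before restoring rather than after, which is a choice of the model (the handler above restores first and then compares).

```c
/* Added example, not code from the patent: a model of the save-slot protocol described
 * in the two handlers above (suspend at 360-369, resume at 370-378). Pool size, type
 * names, function names and the bounds check on EAX are this model's assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define NSLOTS 4      /* assumed: a tiny pool so that exhaustion is easy to demonstrate */
#define NREGS  63     /* the 63 writeable general registers, as in save_slot_t */

typedef struct {
    uint64_t epc;                 /* saved exception PC/IP */
    uint64_t registers[NREGS];    /* saved general registers */
    uint64_t timestamp;           /* detects reuse of a reclaimed slot */
    int      save_slot_ID;
    bool     save_slot_is_full;
} slot_t;

/* The x86 register image the x86 OS carries while the native state is parked. */
typedef struct { uint32_t eax, edx, ebx, ecx, esi, edi; } x86_regs_t;

typedef enum { RESUME_OK = 0, THREAD_CORRUPTION = 1, SAVE_SLOT_OVERWRITTEN = 2 } resume_status_t;

static slot_t   pool[NSLOTS];
static uint64_t next_timestamp;   /* monotonic; starts at 1 so 0 never appears in a slot */

void reset_slot_pool(void) {
    memset(pool, 0, sizeof pool);
    next_timestamp = 1;
}

/* Allocate a free slot; if none is free, reclaim the slot with the oldest timestamp (361). */
static slot_t *alloc_slot(void) {
    slot_t *oldest = &pool[0];
    for (int i = 0; i < NSLOTS; i++) {
        if (!pool[i].save_slot_is_full) return &pool[i];
        if (pool[i].timestamp < oldest->timestamp) oldest = &pool[i];
    }
    oldest->save_slot_is_full = false;   /* the thread parked here can no longer resume */
    return oldest;
}

/* Suspend (360-369): park the native context and hand the x86 OS the slot number and
 * timestamp, each stored twice so that corruption of the x86 register image is detectable. */
void suspend_native_state(const uint64_t regs[NREGS], uint64_t epc, x86_regs_t *x86) {
    slot_t *s = alloc_slot();
    s->save_slot_ID = (int)(s - pool);
    s->epc = epc;
    memcpy(s->registers, regs, sizeof s->registers);
    s->timestamp = next_timestamp++;
    s->save_slot_is_full = true;

    x86->ebx = (uint32_t)(s->timestamp >> 32);   /* EBX:ECX = timestamp */
    x86->ecx = (uint32_t)s->timestamp;
    x86->esi = x86->ebx;                         /* ESI:EDI = redundant copy */
    x86->edi = x86->ecx;
    x86->eax = (uint32_t)s->save_slot_ID;        /* EAX = slot number */
    x86->edx = x86->eax;                         /* EDX = redundant copy */
}

/* Resume (370-378): verify both redundant copies, locate the slot, verify that its
 * timestamp still matches (a mismatch means alloc_slot reclaimed it), then restore. */
resume_status_t resume_native_state(const x86_regs_t *x86, uint64_t regs_out[NREGS], uint64_t *epc_out) {
    if (x86->eax != x86->edx || x86->ebx != x86->esi || x86->ecx != x86->edi)
        return THREAD_CORRUPTION;                /* 371-372 */
    if (x86->eax >= NSLOTS)
        return THREAD_CORRUPTION;                /* bounds check added by this model */
    uint64_t ts = ((uint64_t)x86->ebx << 32) | x86->ecx;
    slot_t *s = &pool[x86->eax];                 /* 374 */
    if (!s->save_slot_is_full || s->timestamp != ts)
        return SAVE_SLOT_OVERWRITTEN;            /* 376-377 */
    memcpy(regs_out, s->registers, sizeof s->registers);   /* 375 */
    *epc_out = s->epc;
    s->save_slot_is_full = false;                /* 378 */
    return RESUME_OK;
}

int main(void) {
    reset_slot_pool();
    uint64_t regs[NREGS] = {0}, out[NREGS], epc = 0;
    x86_regs_t img[NSLOTS + 1];
    /* constructed scenario: NSLOTS + 1 threads are suspended, so the oldest slot is reclaimed */
    for (int i = 0; i <= NSLOTS; i++) {
        regs[0] = (uint64_t)i;
        suspend_native_state(regs, 0x1000u + 4u * (uint32_t)i, &img[i]);
    }
    printf("oldest thread resume -> %d (SAVE_SLOT_OVERWRITTEN is 2)\n", resume_native_state(&img[0], out, &epc));
    printf("newest thread resume -> %d (RESUME_OK is 0)\n", resume_native_state(&img[NSLOTS], out, &epc));
    return 0;
}
```

The model makes the failure modes of the scheme concrete: a single flipped bit in any of the duplicated x86 registers is reported as thread corruption, and a thread whose slot was reclaimed by a later suspend is reported as overwritten instead of being silently restored with another thread's context.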
[Flowchart summary of the three handlers; reference numerals 306, 316, 302, 340, 370]

PREPARE x86 EXCEP. OR INT.:
    ALLOC FREE OR OLDEST SAVE SLOT
    STORE TIMESTAMP & FULL STATE
    x86 REGS <- SAVE SLOT ID, TIMESTAMP
    EPC<1:0> <- 01

HANDLER: RISC TO x86 (340)
    XD CONTAINS RETURN-DESCRIPTOR:
        INTERPRET XD (342):
        - REFORMAT / REPOSITION RESULT
        - LOAD FPCW
        SP <- [SP]       // POP RA AND ARGS
    XD CONTAINS CALL-DESCRIPTOR:
        ESI <- SP
        INTERPRET XD, REPOSITION ARGS
        LR<1:0> <- 1x PER XD
        PUSH LR AS RA (RET ADDR)

HANDLER: x86 TO RISC (370)
    EPC<1:0> == 00:
        LR <- [SP]
        SP <- SP + 4
        AP <- SP
        SP <- SP - 8     // RET AREA
        SP <- SP & (-32)
        XD <- 0
    EPC<1:0> == 01:
        x86 REGS POINT TO SAVE SLOT
        USING TS VERIFY NO OVERWRITE
        RESTORE FULL STATE
        FREE SAVE SLOT
        EPC<1:0> <- 00
    EPC<1:0> == 1x:
        REFORMAT / REPOSITION THE FUNCTION RESULT PER EPC<0>
        SP <- ESI
        EPC<1:0> <- 00
[Table of profiling event codes. The CODE and EVENT columns are recoverable; the headings of the YES/NO columns are not, so their values are listed in column order as recovered. Reference numeral 402.]

CODE    EVENT                                                        FLAGS              NOTE
0.0000  DEFAULT (x86 TRANSPARENT) EVENT, REUSE ALL CONVERTER VALUES  YES NO             REUSE EVENT CODE
0.0001  SIMPLE x86 INSTRUCTION COMPLETION (REUSE EVENT CODE)         YES NO             REUSE EVENT CODE
0.0010  PROBE EXCEPTION FAILED                                       YES NO             REUSE EVENT CODE
0.0011  PROBE EXCEPTION FAILED, RELOAD PROBE TIMER                   YES NO             REUSE EVENT CODE
0.0100  FLUSH EVENT                                                  NO  NO  NO  NO
0.0101  SEQUENTIAL; EXECUTION ENVIRONMENT CHANGED - FORCE EVENT      NO  YES NO  NO
0.0110  FAR RET                                                      NO  YES YES NO
0.0111  IRET                                                         NO  YES NO  NO
0.1000  FAR CALL                                                     NO  YES YES YES    FAR CALL
0.1001  FAR JMP                                                      NO  YES YES NO
0.1010  INITIAL EMULATOR EXECUTION, SUPPLY EXTRA INSTRUCTION DATA    NO  YES NO  NO
0.1011  ABORT PROFILE COLLECTION                                     NO  NO  NO  NO
0.1100  SYNCHRONOUS/ASYNCHRONOUS INTERRUPT W/PROBE (GRP 0)           NO  YES YES YES    EMULATOR PROBE
0.1101  SYNCHRONOUS/ASYNCHRONOUS INTERRUPT (GRP 0)                   NO  YES YES NO
0.1110  SYNCHRONOUS/ASYNCHRONOUS INTERRUPT W/PROBE (GRP 1)           NO  YES YES YES    EMULATOR PROBE
0.1111  SYNCHRONOUS/ASYNCHRONOUS INTERRUPT (GRP 1)                   NO  YES YES NO
1.0000  IP-RELATIVE JNZ FORWARD (OPCODE 75, 0F 85)                   NO  YES YES NO
1.0001  IP-RELATIVE JNZ BACKWARD (OPCODE 75, 0F 85)                  NO  YES YES YES    JNZ
1.0010  IP-RELATIVE CONDITIONAL JUMP FORWARD (JCC, JCXZ, LOOP)       NO  YES YES NO
1.0011  IP-RELATIVE CONDITIONAL JUMP BACKWARD (JCC, JCXZ, LOOP)      (flags cut off)
[FIG. 8B (continued): segment descriptor selection for a load emitted by the TAXi translator; the first box is cut off at the page boundary]

    ... OPTIMIZED LOAD BIT 810 IS ONE                                                       (843)
    ELSE IF THE LOAD IS KNOWN TO BE (OR BELIEVED TO BE) TO NON-WELL-BEHAVED MEMORY          (844)
        YES: EMIT THE LOAD THROUGH THE CONVENTIONAL SEGMENT DESCRIPTOR USED BY THE EMULATOR,
             WHOSE TAXi OPTIMIZED LOAD BIT 810 IS ZERO.                                       (845)
    ELSE                                                                                      (846)
             CHOOSE A SEGMENT DESCRIPTOR HEURISTICALLY                                        (847)

CASE 2, AGGRESSIVE OPTIMIZATION ENABLED:                                                      (850)
    IF THIS LOAD IS OPTIMIZED,                                                                (851)
        YES: EMIT A LOAD THROUGH THE CONVENTIONAL SEGMENT DESCRIPTOR USED BY THE EMULATOR,
             WHOSE TAXi OPTIMIZED LOAD BIT 810 IS ONE.                                        (852)
    ELSE IF THE LOAD IS KNOWN TO BE (OR BELIEVED TO BE) TO NON-WELL-BEHAVED MEMORY            (853)
        YES: MARK THE CONVENTIONAL DESCRIPTOR TO INDICATE THAT IT MUST BE CLONED IN THE PROLOG (854)
             EMIT THE LOAD THROUGH THE DESCRIPTOR TO BE CLONED BY THE CODE EMITTED AT 866, 868,
             WHOSE TAXi OPTIMIZED LOAD BIT 810 IS ZERO.                                       (855, 856)
    ELSE
             CHOOSE A SEGMENT DESCRIPTOR HEURISTICALLY                                        (857)

FIG. 8B

TAXi CODE PROLOG GENERATION BY TAXi TRANSLATOR                                                (860)
    FOR EACH NATIVE X86 SEGMENT DESCRIPTOR:                                                   (862)
        IF THIS DESCRIPTOR IS MARKED TO INDICATE THAT A CLONED COPY IS REQUIRED
        (REFLECTING BOTH OPTIMIZED AND UNOPTIMIZED REFERENCES THROUGH THIS SEGMENT DESCRIPTOR) (864)
            THEN:
                EMIT CODE TO COPY ONE OF THE X86 SEGMENT DESCRIPTORS TO ONE OF THE
                SEGMENT DESCRIPTOR REGISTERS RESERVED FOR TAXi CODE. THE TAXi
                OPTIMIZED LOAD BIT 810 OF THE SEGMENT DESCRIPTOR IS GUARANTEED TO MATCH
                TAXi_CONTROL.TIO 820                                                          (866)
                EMIT CODE TO EXPLICITLY SET THE VALUE OF THE CLONED DESCRIPTOR'S TAXi
                OPTIMIZED LOAD BIT 810 TO THE OPPOSITE VALUE.                                 (868)
            ELSE: next descriptor
    DONE:
        EMIT CODE TO IMPLEMENT THE TRANSLATED HOT SPOT OF THE X86 CODE

FIG. 8C



[FIG. 9A: block diagram residue. Recoverable labels: ALIGNED x86 INSTRUCTION; PC; X86 INSTR; LOOP/REP COMPLETION LOGIC; EPC FRAC; FP_IP, FP_OP, FP_DP; FRAC RESTORE LOGIC ON RFE; reference numerals 1101, 1301, 120, 146.]

FIG. 9A

[FIG. 9B: block diagram residue. Recoverable labels: VIRTUAL X86 PROCESS (311); X86 EMULATOR (316) with HANDLER 1, HANDLER 2, HANDLER 3, each ending in RFE; EMULATOR INTERFACE REGISTERS: EPC (914) with fields EFFECTIVE ADDRESS SIZE, EFFECTIVE OPERAND SIZE, LOCK PREFIX, USER/KERNEL, INTERRUPT ENABLE, ISA (194), SINGLE STEP, X86 COMPLETED, FRAC (934), EIP (912); REPEAT PREFIX, CURRENT IP, NEXT IP, LEN, OPCODE, FP OPCODE, SEGMENT, BASE AND INDEX REGS, DISP, IMM, MODRM, BASE, INDEX, SCALE.]

FIG. 9B
MNEMONIC                       TYPE      DESCRIPTION OF SIDE-BAND INFORMATION

INSTRUCTIONS WITH Imm6 FIELD             THE CONVERTER MAY SUPPLY A FULL 32-BIT IMMEDIATE.

BRANCHES WITH DISPLACEMENT               THE CONVERTER MAY SUPPLY A FULL 32-BIT DISPLACEMENT.

LDA/STA                        INTEGER   A FULL 32-BIT DISPLACEMENT IS SENT ON THE IMMEDIATE BUS; THIS IS ADDED TO
                                         SRC1 TO COMPUTE THE OFFSET FOR SOME ADDRESSING MODES.

CJcond                         INTEGER   THE CONVERTER MAY SPECIFY A 16 OR 32-BIT ADDRESS SIZE IN PARALLEL WITH THIS
                                         INSTRUCTION (A 32-BIT DISPLACEMENT MAY ALSO BE PROVIDED).

CJcond                         INTEGER   THE CONVERTER MAY SPECIFY A 16 OR 32-BIT ADDRESS SIZE IN PARALLEL WITH THIS
                                         INSTRUCTION. A 32-BIT DISPLACEMENT MAY ALSO BE PROVIDED.

FROMPR                         INTEGER   3 BITS OF TOS (TOP-OF-STACK) ARE SENT ON THE IMMEDIATE BUS IN PARALLEL WITH
                                         THIS INSTRUCTION FOR USE BY THE FNSTSW INSTRUCTION CONVERTER SEQUENCE.

LEA                            INTEGER   A 6-BIT INDEX REGISTER SPECIFIER, A 32-BIT DISPLACEMENT, AND A 2-BIT SCALE
                                         FACTOR ARE PASSED FROM THE CONVERTER AS ADDITIONAL INPUT TO THE HARDWARE IN
                                         ORDER TO FORM A COMPLETE x86 ADDRESSING MODE.

LDAI                           INTEGER   A 6-BIT INDEX REGISTER SPECIFIER, A 32-BIT DISPLACEMENT, AND A 2-BIT SCALE
                                         FACTOR ARE PASSED FROM THE CONVERTER AS ADDITIONAL INPUT TO THE HARDWARE IN
                                         ORDER TO FORM A COMPLETE x86 ADDRESSING MODE. ADDITIONALLY, A SECOND
                                         DESTINATION REGISTER IS PASSED AS THE DESTINATION OF THE ADDRESS
                                         AUTOINCREMENT MODE.

LOOP, LOOPZ, LOOPNZ            INTEGER   THE CONVERTER MAY SPECIFY A 16 OR 32-BIT ADDRESS SIZE IN PARALLEL WITH THIS
                                         INSTRUCTION. A 32-BIT DISPLACEMENT MAY ALSO BE PROVIDED.

STAI                           INTEGER   A 6-BIT INDEX REGISTER SPECIFIER, A 32-BIT DISPLACEMENT, AND A 2-BIT SCALE
                                         FACTOR ARE PASSED FROM THE CONVERTER AS ADDITIONAL INPUT TO THE HARDWARE IN
                                         ORDER TO FORM A COMPLETE x86 ADDRESSING MODE. ADDITIONALLY, A SECOND
                                         DESTINATION REGISTER IS PASSED AS THE DESTINATION OF THE ADDRESS
                                         AUTOINCREMENT MODE.

PSHUFW                         MMX       ONLY 6 BITS OF THE Imm8 ARE STORED IN THE INSTRUCTION. THE REMAINING TWO
                                         BITS ARE CREATED BY THE HW CONVERTER.

FLDA                           FPEP      A 6-BIT INDEX REGISTER SPECIFIER AND A 32-BIT DISPLACEMENT, AND A 2-BIT SCALE
                                         FACTOR ARE PASSED FROM THE CONVERTER AS ADDITIONAL INPUT TO THE HARDWARE IN
                                         ORDER TO FORM A COMPLETE x86 ADDRESSING MODE.

FTST                           FPEP      1 BIT OF ST0 VALID IS SENT ON THE IMMEDIATE BUS IN PARALLEL WITH THIS
                                         INSTRUCTION.

FSTA                           FPEP      A 6-BIT INDEX REGISTER SPECIFIER AND A 2-BIT SCALE FACTOR ARE PASSED FROM THE
                                         CONVERTER AS ADDITIONAL INPUT TO THE HARDWARE IN ORDER TO FORM A COMPLETE
                                         x86 ADDRESSING MODE.

FXAM                           FPEP      1 BIT OF ST0 VALID IS PASSED ON THE IMMEDIATE BUS.

INSTRUCTION CONTROL                      INSTRUCTION BOUNDARY INFORMATION:
                                         - START OF INSTRUCTION OR STRING ITERATION
                                         - LAST OF SEQUENCE
                                         - FP_DP/... INTERNMENT CONTROL
                                         - FP TAG MAP INTERNMENT CONTROL
FIG. 9E (950)

X86 instruction PUSHAD (951):
    Temp := (ESP)
    Push(EAX)
    Push(ECX)
    Push(EDX)
    Push(EBX)
    Push(Temp)
    Push(EBP)
    Push(ESI)
    Push(EDI)

Native Instruction Recipe (952):
    MOV.64      tmp_d, ESP        /* copy working SP to temp */    (954)
    STOREDEC.X  EAX, SS, tmp_d                                     (953, 955)
    STOREDEC.X  ECX, SS, tmp_d
    STOREDEC.X  EDX, SS, tmp_d
    STOREDEC.X  EBX, SS, tmp_d
    STOREDEC.X  ESP, SS, tmp_d
    STOREDEC.X  EBP, SS, tmp_d
    STOREDEC.X  ESI, SS, tmp_d
    STOREDEC.X  EDI, SS, tmp_d
    MOV.64      ESP, tmp_d        /* commit new SP */

FIG. 9F

IDIOM                                        USAGE

LOAD / OP [/ STORE]                          LOAD DATA
COMPLEX ADDRESS CALCULATION                  COMPUTED OFFSET
MOV mem, [DEFG]S / PUSH [DEFG]S              SELECTOR (PROCESSOR REGISTER NOT DIRECTLY
  (SELECTOR PUSH/STORE)                        ACCESSIBLE BY STORE INSTRUCTIONS)
PUSHA (PUSH ALL)                             INTERMEDIATE STACK POINTER; COMMIT AT END
POPA (POP ALL)                               INTERMEDIATE STACK POINTER; COMMIT AT END
MOV mem, Imm / PUSH Imm                      INTERMEDIATE (NOT AVAILABLE AS AN OPERAND TO
                                               STORE INSTRUCTION)
MULTIPLY                                     INTERMEDIARY TO CONNECT CONTIGUOUS NATIVE
                                               REGISTER PAIR TO x86 REGISTER PAIR
DIVIDE                                       (usage cell not recovered)
XCHG                                         THE CLASSIC USE OF A TEMPORARY!
POP mem                                      STACK POINTER UNTIL MEMORY OPERATIONS ARE FINISHED

FIG. 9F
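The PUSHA/POPA rows of the idiom table ("INTERMEDIATE STACK POINTER; COMMIT AT END") and the PUSHAD recipe above share one property worth seeing in running code: the eight STOREDEC.X stores work on tmp_d, and ESP changes only at the final MOV.64, so a fault on any of the stores leaves the architectural stack pointer untouched and the instruction can be restarted. The following C model is an added example, not code from the patent or from the Tapestry system; the memory size, the fault model (an unmapped low region), and all type and function names are this model's assumptions.

```c
/* Added example, not code from the patent: a model of the PUSHAD recipe above, showing
 * why the working stack pointer lives in tmp_d and is committed to ESP only by the final
 * MOV.64. Memory layout, fault model and all names are this model's assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MEM_BYTES 256
static uint8_t  mem[MEM_BYTES];
static uint32_t mapped_lo = 32;   /* constructed: addresses below 32 are unmapped and fault */

typedef struct { uint32_t eax, ecx, edx, ebx, esp, ebp, esi, edi; } cpu_t;

/* STOREDEC.X value, SS, tmp_d: decrement the working pointer by 4, then store through it.
 * Returns false to model a stack fault (#SS) on an unmapped address; tmp_d is then untouched. */
static bool storedec_x(uint32_t value, uint32_t *tmp_d) {
    uint32_t addr = *tmp_d - 4;
    if (addr < mapped_lo || addr + 4 > MEM_BYTES) return false;
    *tmp_d = addr;
    memcpy(&mem[addr], &value, 4);
    return true;
}

/* The PUSHAD recipe. On a fault partway through, ESP is unchanged, so the x86 view of the
 * machine is still "before PUSHAD" and the instruction restarts cleanly after the fault is
 * resolved; no partial update of ESP is ever visible. */
bool pushad(cpu_t *c) {
    uint32_t tmp_d = c->esp;                            /* MOV.64 tmp_d, ESP */
    const uint32_t order[8] = { c->eax, c->ecx, c->edx, c->ebx,
                                c->esp, c->ebp, c->esi, c->edi };   /* ESP is pushed as Temp */
    for (int i = 0; i < 8; i++)
        if (!storedec_x(order[i], &tmp_d)) return false;  /* STOREDEC.X reg, SS, tmp_d */
    c->esp = tmp_d;                                     /* MOV.64 ESP, tmp_d: commit new SP */
    return true;
}

/* Read back the 32-bit word at a stack address (for inspection only). */
uint32_t read32(uint32_t addr) {
    uint32_t v;
    memcpy(&v, &mem[addr], 4);
    return v;
}

int main(void) {
    cpu_t c = { 1, 2, 3, 4, 200, 5, 6, 7 };             /* constructed register values */
    bool ok = pushad(&c);
    printf("pushad from ESP=200: %s, ESP now %u\n", ok ? "ok" : "fault", c.esp);
    cpu_t d = { 1, 2, 3, 4, 40, 5, 6, 7 };              /* third store lands below mapped_lo */
    ok = pushad(&d);
    printf("pushad from ESP=40: %s, ESP still %u\n", ok ? "ok" : "fault", d.esp);
    return 0;
}
```

With ESP at 200 all eight stores succeed and ESP is committed as 168; with ESP at 40 the third store would land at 28, below the mapped region, so the recipe reports the fault with ESP still 40 and the two stores already made are harmless scratch writes that the restarted instruction will simply redo.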
FIG. 9G (961)

X86 instruction ADD r/m8, r8 (962):
    DEST := DEST + SRC;

Native Instruction Recipe (963, 964):
    LDA.b.write_intent  tmp_d, Seg, Base, Base
    ADD.b               tmp_d, tmp_d, reg
    STA.b               tmp_d, Seg, Base, Base

FIG. 9H (967)

X86 instruction CALL r/mX  /* near absolute call */
    IF target instruction pointer is not within code segment limit
        THEN #GP(0); FI;                                             (968)
    IF stack not large enough for a 4-byte return address
        THEN #SS(0); FI;                                             (969)
    Push(EIP);
    EIP := EIP + DEST;

Native Instruction Recipe:
    LOAD.limit_check  r0, CS:reg_d                                   (971, 972)
    STOREDEC.X        IP, SS, ESP
    JR                reg_d                                          (973)

FIG. 9I (976)

X86 instruction CALL relX  /* near IP-relative call */
    IF target instruction pointer is not within code segment limit
        THEN #GP(0); FI;
    IF stack not large enough for a 4-byte return address
        THEN #SS(0); FI;
    Push(EIP);
    EIP := EIP + DEST;

Native Instruction Recipe:
    STOREDEC.X        IP, SS, ESP                                    (977)
    JR                reg_d                                          (978)
FIG. 9J (980, 981)

X86 instruction LOOP imm8:                           Native Instruction Recipe:
    Count := ECX;
    Count := Count - 1;                                  DEC.X   ECX, ECX             (982)
    IF (Count == 0)
        THEN BranchCond := 1;
        ELSE BranchCond := 0;
    FI;                                                  CJNE    ECX, r0, imm8        (983)
    IF (BranchCond == 1)
        THEN
            NextEIP := NextEIP + SignExtend(DEST);
            IF target instruction pointer is not within code segment limit
                THEN
                    #GP(0);  /* ECX not modified */
                ELSE
                    ECX := Count;
                    EIP := NextEIP;
            FI;
        ELSE
            ECX := Count;
            Terminate loop and continue program execution at EIP;
    FI;

(986, 987)

X86 REPNZ MOVS:
    WHILE ECX != 0
    DO
        service pending interrupts (if any);
        execute associated MOV instruction;
        ECX := ECX - 1;
        IF ECX = 0
            THEN exit WHILE loop;
        IF ZF = 1
            THEN exit WHILE loop;
        FI;
    OD;

Native Instruction Recipe (989, 990, 991; one iteration per group):
    LDA.b      tmp_d, src++
    STOREINC   dest++, tmp_d
    JNZ        predicted not taken

    LDA.b      tmp_d, src++
    STOREINC   dest++, tmp_d
    JNZ        predicted not taken

    LDA.b      tmp_d, src++
    STOREINC   dest++, tmp_d
    JNZ        predicted not taken